Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		22.02.2008
Source:
SecurityVulns ID:		8711
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: multiple XSS.

Affected:		XOOPS : xoops 2.0
		PUNBB : PunBB 1.2
		AERIES : Aeries Browser Interface 3.8
		AERIES : aeries browser interface 3.7
		OSSIM : Open Source Security Information Management 0.9

Original document		hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_cms) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_asortyment)katid (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module prayerlist SQL Injection(cid) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_most)secid (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_mygallery) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module Downloads SQL Injection(sid) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke genaral print SQL Injection(id) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module Dossiers Injection(did) (22.02.2008)
		marcin.kopec_(at)_hotmail.com, SQL-injection, XSS in OSSIM (Open Source Security Information Management) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Siir SQL Injection(id) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, XOOPS Module tinyevent-print SQL Injection(id) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_idvnews) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module BenchmarkNewsInjection(sid) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_joomlavvz) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_referenzen) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, PHP-Nuke Module Classifieds SQL Injection(Details) (22.02.2008)
		hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_asortyment)katid (22.02.2008)
		admin_(at)_arsalank.com, aeries browser interface(ABI) 3.8.2.8 Remote SQL Injection (22.02.2008)
		admin_(at)_arsalank.com, aeries browser interface(ABI) 3.7.2.2 Remote SQL Injection (22.02.2008)
		admin_(at)_arsalank.com, aeries browser interface(ABI) 3.8.2.8 XSS (22.02.2008)
		Stefan Esser, Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability (22.02.2008)
		f10_(at)_by-f10.com, Xoops-2.0.16 Remote File Inclusion (22.02.2008)

Discuss:

Read or add your comments to this news (0 comments)

Sybase MobiLink buffer overflows
Published:		22.02.2008
Source:		BUGTRAQ
SecurityVulns ID:		8713
Type:		remote
Level:		5/10
Description:		Multiple buffer overflows during authentication.

Affected:

SYBASE : MobiLink 10,0

Original document

Luigi Auriemma, Heap overflow in Sybase MobiLink 10.0.1.3629 (22.02.2008)

Discuss:

Read or add your comments to this news (0 comments)

ZyXel Prestige routers multiple security vulnerabilities
Published:		22.02.2008
Source:		BUGTRAQ
SecurityVulns ID:		8716
Type:		remote
Level:		6/10
Description:		Crossite scripting, crossite request spoofing, privilege escalation, unauthorized SNMP access, information leak.

Affected:		ZYXEL : ZyXel P-660H-D1
		ZYXEL : ZyXel P-660H-D3
		ZYXEL : ZyXel P-660HW-D1
		ZYXEL : ZyXel P-661HW-D1

Original document

ProCheckUp Research, ZyXEL Gateways Vulnerability Research: http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf (22.02.2008)

Files:		ZyXel gateways vulnerability research
Discuss:		Read or add your comments to this news (0 comments)

splitvt privilege escalation
Published:		22.02.2008
Source:		BUGTRAQ
SecurityVulns ID:		8714
Type:		remote
Level:		5/10
Description:		Group privileges are not dropped on external application execution.

Affected:		SPLITVT : splitvt 1.6
CVE:		CVE-2008-0162

Original document

DEBIAN, [SECURITY] [DSA 1500-1] New splitvt packages fix privilege escalation (22.02.2008)

Discuss:

Read or add your comments to this news (0 comments)

EMC Replistor multiple security vulnerabilities
Published:		22.02.2008
Source:		BUGTRAQ
SecurityVulns ID:		8712
Type:		remote
Level:		5/10
Description:		Multiple security vulnerabilities on TCP/7144 and TCP/7145 traffic parsing.

Affected:		EMC : RepliStor 6.2
CVE:		CVE-2008-6426 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6426. Reason: This candidate is a duplicate of CVE-2007-6426. Notes: All CVE users should reference CVE-2007-6426 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
		CVE-2007-6426

Original document

IDEFENSE, iDefense Security Advisory 02.19.08: EMC RepliStor Multiple Heap Overflow Vulnerabilities (22.02.2008)

Discuss:

Read or add your comments to this news (0 comments)

Symantec VERITAS Storage Foundation multiple security vulnerabilities updated since 22.02.2008
Published:		15.08.2008
Source:		BUGTRAQ
SecurityVulns ID:		8715
Type:		remote
Level:		6/10
Description:		DoS on TCP/4888 request parsing, buffer overflow on UDP/3207 parsing.

Affected:		SYMANTEC : Veritas Storage Foundation 5.0
CVE:		CVE-2008-0638
		CVE-2007-4516

Original document		ZDI, ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability (15.08.2008)
		SYMANTEC, SYM08-015_SFW_SecurityUpdateBypass (15.08.2008)
		IDEFENSE, iDefense Security Advisory 02.20.08: Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability (22.02.2008)
		ZDI, ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability (22.02.2008)

Discuss:

Read or add your comments to this news (0 comments)